Save time and money, reduce risk with Microsoft Entra provisioning updates

This post has been republished via RSS; it originally appeared at: Microsoft Entra (Azure AD) Blog articles.

The Microsoft Entra Azure Active Directory (Azure AD) provisioning service automates your identity lifecycle and keeps identities in sync across trusted source systems (like HR systems) and end applications that users need access to (like SaaS apps, on-premises apps, and Active Directory). We’re excited to announce a set of recent releases that deliver:


  • Increased resiliency and reliability for your provisioning jobs
  • New functionality for provisioning scenarios
  • More connected apps and attribute enhancements


Increased resiliency and reliability for your provisioning jobs


Mistakes happen. Protect your users from accidental deletions: Accidental deletion of users in your apps or in your on-premises directory could be disastrous. We’re excited to announce general availability of a capability to prevent accidental deletions. The Azure AD provisioning service now monitors for a spike in deletion events (e.g., you change a scoping filter when provisioning from Workday to Azure AD) and alerts you when the number of expected deletions exceeds a configurable threshold. The service pauses to provide you visibility into the potential deletions and allows you to accept them or make changes to ensure that users continue to have access to their resources. Learn more.




Preview and test transformations prior to activating them on users: Setting up user provisioning often requires transforming data before exporting it to the target applications. Save time building and customizing these transformations by using the expression tester. We're announcing general availability and are excited that you can now more easily model and test your expressions prior to turning them live. Learn more.


New functionality for provisioning scenarios


No more waiting for sync. Provision groups on-demand: Customers have grown to love the user on-demand provisioning capability that allows you to create, update, or delete a user in seconds. With today’s announcement of general availability for group on-demand provisioning, you can now provision a group into an application, such as Amazon Web Services, on-demand. This capability is available through both UI and API. Learn more.




Password changes are instantly reflected in both on-premises (AD) and Azure AD for synced users: We're thrilled to announce the general availability of Cloud Sync’s password writeback capabilities. This real-time password synchronization supports synced users changing or resetting their passwords using SSPR (self-service password reset), so password updates take effect in real time both on-premises and in Azure AD, even for users in disconnected forests. Learn more.



Evaluate and intuitively configure and deploy Cloud Sync: We've made it easier for hybrid administrators to evaluate and deploy Azure AD Connect cloud sync for on-premises and Azure AD synchronization needs. With an intuitive wizard that helps decide which sync tool best fits their needs and a series of suggested next steps during configuration, customers can deploy cloud sync more quickly and confidently and manage it fully from the cloud. Microsoft 365 admins can run the wizard directly, and an unauthenticated wizard will be available soon on the Cloud Sync overview page.


More connected apps and attribute enhancements


Benefit from even more connected applications: With the recent addition of 11 applications, we now have 270 applications in our app gallery. The new apps include KnowBe4 Security, Blinq, Mural Identity, KPN Grip, and Adobe Identity Management (OIDC). Learn more.


Easily test your SCIM server for compatibility with the Azure AD SCIM client: Independent Software Vendors and developers can now use the SCIM validator to ensure that their SCIM servers are compatible with the Azure AD SCIM client. The SCIM validator is now generally available and makes standing up your SCIM server even easier. Learn more.


Bring gender pronoun preferences from Workday into Azure AD: Workplaces across the globe are adopting diversity and inclusion (D&I) best practices such as enabling employees to set their pronouns as part of their Workday HCM profile. This gives employees more control over how they share their personal information with their organizations. We're excited to share that you can now extend your Workday-driven user provisioning jobs to read pronoun settings from Workday and include them as part of the display name in the Azure AD user profile. Learn more.


We want to hear from you! Feel free to leave comments down below or reach out to us on



